Non-disclosure agreements are a means to an end, that end being to facilitate commercial discussions. So I’ve assembled some advice here for concluding robust NDAs while remaining in line with market standards of commercial acceptability, thereby minimising negotiating time as much as possible.

NDAs are increasingly available for download on websites and are often perceived as a sort of standard form, or “off the shelf” product. But they do merit considered attention, so as to ensure that sufficient protection is given and to ensure obvious pitfalls are avoided.

A solidly-drafted NDA should instill confidence in the party disclosing information to put its cards on the table. Likewise, the receiving party will want to be happy that it will not be liable under the NDA for matters outside of its control.

Firstly, the NDA should clearly specify what confidential information is. It is usual for NDAs to have quite wide, non-exhaustive descriptions of confidential information, and will usually cover off the nature of the information (financial, technical, commercial, operational, brand-related and marketing, etc) and the form of the information (paper documents, electronic files, disks, information communicated orally, etc).

In addition, the very existence of negotiations between the parties should in most cases be included as “confidential” – this is not always covered off in those “standard” NDAs.

What can the confidential information be used for? An NDA should specify a “purpose” for which the disclosing party makes the confidential information available to the receiving party. This may be a potential investment by the receiving party, or a commercial project between the parties.

The receiving party should be tied to only using the confidential information for that specific “purpose” and not, for example, for any competitive purpose which would prejudice the commercial interests of the disclosing party. If the parties are competitors, then the NDA will need to be more sophisticated to restrict the receiving party from contacting clients and staff of the disclosing party.

Who can the receiving party share the confidential information with? A receiving party may legitimately want to pass on information to third parties – such as its own advisers and employees. A disclosing party may be comfortable with this if, under the NDA, the receiving party undertakes to inform advisers and employees of the confidential nature of the material and if the receiving party remains liable for the breaches of such advisers or employees.

Alternatively, a disclosing party may prefer to require such third parties to enter into NDAs with it directly. A receiving party will want some flexibility though – for example, to pass on confidential information to courts if required to do so by law or regulation. These provisions are market standard and generally acceptable.

How must the receiving party store it? It is wise for a disclosing party to require the receiving party to exercise reasonable or all due care to prevent the information from being disclosed – for example, to keep the information securely stored and to treat it as securely as the receiving party would its own information – we have all heard the stories about sensitive data being stored on laptops and left on trains. Disclosing parties should seek to include a clause to require the receiving parties to let them know if information is leaked out contrary to the NDA terms.

What if the negotiations terminate? A disclosing party will want the information returned or destroyed, within a time period specified in the NDA. In either case it is quite fair for the disclosing party to require the receiving party to confirm in writing that this has been done. An often overlooked area in “off the shelf” NDAs is that no mention is made of the receiving party expunging its IT systems/email servers to erase confidential information.

Should a disclosing party give representations as to the accuracy of the information? In the vast majority of cases, no. From both parties’ perspective, reps and warranties as to the accuracy of the information supplied are better covered off in the subsequent commercial agreements which follow on from and flow out of the discussions.

How long should the NDA remain binding? The market norm is between 2 – 3 years, though this can be shorter or longer depending on the context. Disclosing parties should bear in mind how sensitive or commercially useful the information will be in practical terms after 1, 2 or 3 years, rather than being too concerned about insisting on very long time periods.

Which governing law? Again – often overlooked. Some NDAs have no governing law clause at all (which undercuts the certainty the parties are looking to obtain) and other NDAs downloadable from the internet are governed by overseas law. If based in the UK – argue for English law!

What are the remedies for breach of the NDA by the receiving party? While the NDA should provide for damages, the real “weapon” for the disclosing party under English law is to obtain “equitable remedies” – particularly an injunction from the court to order disclosure to be prevented in the first place. This needs to be expressly covered off by the NDA.

Who are the parties and who needs to sign? Sounds obvious, but I recently saw an NDA with no signature blocks at all! Also, do think about who the parties are, or ought to be: namely, are the individuals entering into relationships on their own account, or through their companies? If no consideration has been passed between the parties then the NDA should be executed as a deed to be enforceable – a deed has particular features and requirements as to execution which a normal agreement does not.

With these tips in mind, companies should be comfortable in the knowledge that their NDA is watertight, and get down to negotiation.

Jonathan Snade is a corporate lawyer at international law firm Pinsent Masons. He also runs Bootlaw, events that provide essential law advice for start-ups and emerging tech businesses